
Defend against users sharing .htaccess passwords
06-20-2005, 04:16 PM
Post: #1
Defend against users sharing .htaccess passwords
Since there is no Iprotect anymore (boo hoo), I decided to write a simple PHP function for anyone who needs a quick solution to people sharing out their passwords and killing your bandwidth limits.

here goes, (please pardon my lack of coding
etiquette...i did this as quick as I could)

1 - Change the config variables to suit your environment
2 - Call checkUserIsAlreayLoggedIn() (the function below) at the top of all your protected PHP pages, before the page sends any output, because the function may send a redirect header.

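/**
 * Detects a password that appears to be shared between several clients.
 *
 * Keeps one "name<TAB>ip<TAB>unixtime" record per authenticated user in a
 * flat file. When the current request comes from a different address than
 * the recorded one and the recorded request is younger than the timeout,
 * the browser is redirected and the script stops. Otherwise the record is
 * refreshed with the current address and time.
 *
 * Reads $_SERVER['REMOTE_USER'] and $_SERVER['REMOTE_ADDR']. Must be called
 * before any output is sent, because it may call header().
 *
 * An address change is only a heuristic: several people behind one NAT or
 * proxy share an address, and a legitimate user may change address within
 * the timeout.
 *
 * @return void
 */
function checkUserIsAlreayLoggedIn(){
    // ---- Config variables ----
    // Path and filename of your users file.
    // NOTE(review): the path is relative; if it resolves inside the document
    // root the file (user names and addresses) may be downloadable. Keep it
    // outside the web root or deny access to it.
    $s_pathToUsersFile = ".users.txt";
    // Location of the "shared password" page; a fully qualified URL is best.
    $s_userAlreadyLoggedInURL ="http://www.google.com/";
    // 30 min * 60 sec = 1800 sec
    $i_timeout = 30*60;

    // HINT: b_ = boolean, s_ = string, i_ = int, h_ = file handle, a_ = array
    $s_user = isset($_SERVER['REMOTE_USER']) ? (string)$_SERVER['REMOTE_USER'] : '';
    $s_ip   = isset($_SERVER['REMOTE_ADDR']) ? (string)$_SERVER['REMOTE_ADDR'] : '';

    // Without an authenticated user name there is nothing to track.
    if ($s_user === '') {
        return;
    }
    // NOTE(review): a user name containing a tab or line break would corrupt
    // the record format; confirm your password file cannot hold such names.

    // "c+" opens for read/write and creates the file without truncating it,
    // so the contents are never emptied before the lock is held.
    $h_file = fopen($s_pathToUsersFile, "c+");
    if ($h_file === false) {
        // The check is skipped (fails open), as it effectively was before;
        // log it so the failure is visible to the operator.
        error_log("checkUserIsAlreayLoggedIn: cannot open users file");
        return;
    }
    // Exclusive lock: the read-modify-write below must not interleave with
    // another request, or records are lost or duplicated.
    if (!flock($h_file, LOCK_EX)) {
        fclose($h_file);
        error_log("checkUserIsAlreayLoggedIn: cannot lock users file");
        return;
    }

    $b_userIsFound = false;
    $b_passwordIsShared = false;
    $i_now = time();
    $a_newLines = array();

    while (($s_line = fgets($h_file)) !== false) {
        $a_fields = explode("\t", rtrim($s_line, "\r\n"));
        if (count($a_fields) === 3 && $a_fields[0] === $s_user) {
            $b_userIsFound = true;
            $s_recordedIp = $a_fields[1];
            $i_recordedTime = (int)$a_fields[2];

            if ($s_recordedIp === $s_ip) {
                // Same address as the last request: refresh the time.
                $s_line = $s_user."\t".$s_ip."\t".$i_now."\n";
            }
            elseif (($i_now - $i_recordedTime) > $i_timeout) {
                // Different address, but the old session has timed out.
                // Record the NEW address; keeping the old one would flag
                // this user's very next request as a shared password.
                $s_line = $s_user."\t".$s_ip."\t".$i_now."\n";
            }
            else {
                // Different address and no timeout yet: treat as shared.
                // The record is left untouched.
                $b_passwordIsShared = true;
            }
        }
        // Lines of other users (and malformed lines) are written back as-is.
        $a_newLines[] = $s_line;
    }

    if (!$b_userIsFound) {
        // First request of this user: add a record.
        $a_newLines[] = $s_user."\t".$s_ip."\t".$i_now."\n";
    }

    // Rewrite the file in place while still holding the lock.
    ftruncate($h_file, 0);
    rewind($h_file);
    fwrite($h_file, implode("", $a_newLines));
    fflush($h_file);
    flock($h_file, LOCK_UN);
    fclose($h_file);

    if ($b_passwordIsShared) {
        header("Location: $s_userAlreadyLoggedInURL"); /* Redirect browser */
        /* Make sure that code below does not get executed when we redirect. */
        exit;
    }
}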